This invention relates generally to computer systems, and more particularly to a mechanism for merging multiple policies to derive a resultant policy.
For a number of years, the U.S. Department of Commerce has regulated, and at times, prohibited the exportation of computer programs or applications which implement data encryption algorithms. Currently, computer programs cannot, as a general rule, be exported if they implement encryption algorithms having cryptographic key sizes exceeding a certain number of bits (the specific allowable key size is algorithm-specific). There are certain exceptions to this rule. One exception is that if an exemption mechanism is implemented, the key size, and hence the cryptographic strength of the program, may in some cases be increased. Examples of exemption mechanisms include key escrow, key recovery, and key weakening. Also, certain types of programs are allowed to use larger key sizes than others. For example, current regulations allow health care and financial services applications to use larger key sizes because of the need for increased security (to protect highly sensitive data) in these types of applications. While some applications may enjoy greater latitude than others, all encryption applications are subject to export regulations.
These regulations apply not only to programs which directly implement encryption algorithms, but also to programs which interface with programs that directly implement encryption algorithms. These programs include xe2x80x9cframeworkxe2x80x9d programs which provide infrastructure for facilitating interaction between various programs. The framework itself may not implement any encryption algorithm, but it may allow one or more programs which do implement encryption algorithms to interface with or xe2x80x9cplug inxe2x80x9d to the framework. An example of such a framework is the Java Cryptography Extension to the Java Platform manufactured by Sun Microsystems, Inc. of Palo Alto, Calif. If a framework allows an encryption mechanism to be xe2x80x9cplugged inxe2x80x9d to the framework, the framework itself will be subject to export regulations. This means that in order to be exportable, the framework needs to ensure that all export regulations are adhered to regardless of the encryption implementation that is plugged in to the. framework. In order to do this, the framework needs to have some mechanism for enforcing the necessary restrictions on the encryption implementations.
In accordance with the present invention, there is provided a mechanism for dynamically constructing customized implementations to enforce restrictions on services. For purposes of the present invention, a service is defined broadly to encompass any functionality requested by and provided to an application, including but not limited to encryption/decryption functionality. In one embodiment, the invention is implemented in a system comprising an application, a general implementation of a particular service, and a framework.
The framework receives from the application a request for an implementation of a particular service, such as an implementation of a particular encryption algorithm. In response, the framework determines what restrictions, if any, need to be imposed on the requested implementation. In one embodiment, the framework determines the restrictions based upon a set of specified limitations and upon permissions, if any, granted to the application. Once the restrictions are determined, the framework dynamically constructs the requested implementation. In one embodiment, the requested implementation is constructed such that it incorporates the general implementation of the service, the restrictions, and enforcement logic for enforcing the restrictions on the general implementation. Since the requested implementation is constructed specifically for the application, it is customized for the application. Thus, the implementation is referred to as the customized implementation.
Once the customized implementation is dynamically constructed, the framework provides the customized implementation to the application. Thereafter, the application invokes the customized implementation directly for services. Since the customized implementation incorporates the restrictions and enforcement logic for enforcing the restrictions, it is not necessary for the application to further interact with the framework. The customized implementation itself will provide the services, and will guarantee that the restrictions are enforced. By dynamically constructing customized implementations in this manner, the framework ensures that the necessary restrictions are enforced on the services provided to the application.
As noted above, the restrictions imposed on the customized implementation are determined based upon a set of specified limitations and upon permissions, if any, granted to the application. In one embodiment, the specified limitations are derived by merging multiple source policies. These source policies, which may represent sets of laws/regulations, and which may comprise zero or more entries with each entry comprising an identifier and a set of one or more limitations, are merged by first selecting a current entry in a first source policy. Then a determination is made as to whether there is an entry in a second source policy which corresponds to the current entry. If so, then the limitations in the current entry are processed with the limitations in the corresponding entry to derive a set of resultant limitations. The limitations are processed such that the resultant limitations comprise the most restrictive limitations of the current entry and the corresponding entry. By doing so, it is ensured that the resultant limitations comply with both the first and the second source policies. Once the resultant limitations are derived, a new entry is created in a resultant policy, and the resultant limitations are stored within the new entry. The resultant policy (which represents the set of specified limitations) is thus populated. In this manner, the set of specified limitations is derived by merging multiple source policies.